
QUASAR: Quantitative Attack Space Analysis and Reasoning

Published: 04 December 2017

Abstract

Computer security has long been an arms race between attacks and defenses. While new defenses are proposed and built to stop specific vectors of attack, attackers devise novel, sophisticated attacks to bypass them. This rapid cycle of defenses and attacks has made it difficult to reason strategically about the protection offered by each defensive technique, the coverage of a set of defenses, and possible new vectors of attack for which future defenses should be designed. In this work, we present QUASAR, a framework that systematically analyzes attacks and defenses at the granularity of the capabilities necessary to mount the attacks. We build a model of attacks in the memory corruption domain and represent various prominent defenses in this domain. We demonstrate that QUASAR can be used to compare defenses at a fundamental level (what they do instead of how they do it), reason about the coverage of a defensive configuration, and hypothesize about possible new attack strategies. We show that four of the top five hypothesized new attack strategies have in fact been published in security venues over the past two years. We investigate the fifth hypothesized vector ourselves and demonstrate that it is, in fact, a viable vector of attack.
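As an added illustration of the capability-granularity reasoning the abstract describes (this is not code from the paper or its authors), the constructed Python model below treats capabilities as propositions, models each defense as denying either a free capability or a derivation step, and computes the coverage of a defensive configuration together with the residual derivation steps a vulnerability class can still use. Every capability name, derivation rule, defense mapping and vulnerability class is a placeholder assumption chosen for the example, not QUASAR's actual model.

```python
# Toy capability-level attack/defense model in the spirit of QUASAR's abstract.
# Constructed illustration: capability names, derivation steps and defense
# mappings are placeholders chosen for this example, not the paper's model.
BASELINE = frozenset({"know_code_addr", "know_data_addr"})  # free on an unhardened target

# Derivation steps: name -> (capabilities required, capability gained).
RULES = {
    "disclose_code":    (frozenset({"arb_read"}), "know_code_addr"),
    "disclose_data":    (frozenset({"arb_read"}), "know_data_addr"),
    "corrupt_code_ptr": (frozenset({"arb_write", "know_code_addr"}), "code_ptr_corrupt"),
    "corrupt_data_ptr": (frozenset({"arb_write", "know_data_addr"}), "data_ptr_corrupt"),
    "code_reuse":       (frozenset({"code_ptr_corrupt"}), "attacker_exec"),
    "data_only":        (frozenset({"data_ptr_corrupt"}), "attacker_exec"),
}
# Defenses deny a free capability or a derivation step (constructed, simplified).
DEFENSES = {
    "aslr":          ({"know_code_addr", "know_data_addr"}, set()),
    "exec_only_mem": (set(), {"disclose_code"}),
    "cfi":           (set(), {"code_reuse"}),
    "dfi":           (set(), {"corrupt_data_ptr"}),
}
# Primitives handed to the attacker by each vulnerability class (constructed).
VULN_CLASSES = {
    "write_only": frozenset({"arb_write"}),
    "read_write": frozenset({"arb_read", "arb_write"}),
}

def closure(primitives, config):
    """Reachable capabilities under `config`, plus the derivation steps that fired."""
    denied_caps = set().union(*[DEFENSES[d][0] for d in config], set())
    denied_steps = set().union(*[DEFENSES[d][1] for d in config], set())
    have = set(primitives) | (BASELINE - denied_caps)
    used, changed = set(), True
    while changed:  # fixed-point iteration over the derivation rules
        changed = False
        for name, (needs, gain) in RULES.items():
            if name not in denied_steps and needs <= have and gain not in have:
                have.add(gain)
                used.add(name)
                changed = True
    return frozenset(have), frozenset(used)

def coverage(config, goal="attacker_exec"):
    """Fraction of vulnerability classes blocked from `goal`, and the residual attack space."""
    surviving = {}
    for vuln, prims in VULN_CLASSES.items():
        have, used = closure(prims, config)
        if goal in have:
            surviving[vuln] = sorted(used)  # steps a defender still has to worry about
    return 1 - len(surviving) / len(VULN_CLASSES), surviving
```

Running `coverage(("aslr", "exec_only_mem", "cfi"))` reports that a read-plus-write primitive still reaches the goal through the data-only path, which is the kind of uncovered strategy the abstract says the framework surfaces.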

Cited By

  • (2021) BUCEPHALUS: a BUsiness CEntric cybersecurity Platform for proActive anaLysis Using visual analyticS. 2021 IEEE Symposium on Visualization for Cyber Security (VizSec), pp. 15-25. DOI: 10.1109/VizSec53666.2021.00007. Online publication date: Oct-2021
  • (2018) Vulnus: Visual Vulnerability Analysis for Network Security. IEEE Transactions on Visualization and Computer Graphics 25(1), pp. 183-192. DOI: 10.1109/TVCG.2018.2865028. Online publication date: 7-Dec-2018

Published In

cover image ACM Other conferences
ACSAC '17: Proceedings of the 33rd Annual Computer Security Applications Conference
December 2017
618 pages
ISBN:9781450353458
DOI:10.1145/3134600

Publisher

Association for Computing Machinery

New York, NY, United States


Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ACSAC 2017

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%
